1. Field of the Invention
The present invention relates to biometric devices used to identify people and, more particularly, to a biometric device that can continuously authenticate every input the user makes using the device based on a correlational analysis of sensor signals from the device.
2. Description of Prior Art
Unauthorized data entry and computer operation is a major computer security problem that yearly costs in the millions of dollars of damage and millions of person-hours to correct. Authenticating the identity of an authorized computer user is a necessary part of computer use. Insuring that a person is authorized to use a computer can be done in three different ways. The first method is by the use of something a person carries, such as a token, key or smart card (e.g., U.S. Pat. Nos. 6,247,644 & 6,268,788). The second method is by the use of something a person knows, such as a password or personal identification code. The third method is by the use of a person's unique physical or behavioral attributes. A physical attribute would be like a finger print or facial feature. A behavioral attribute might be the way a person moves or speaks, such as a person's gait when walking or speech patterns. This third method of using physical or behavioral attributes of the person is called biometrics. Most computer security systems use one or more methods to authenticate the user's identity, but biometrics is the most resistant to theft, since it is part of a person's attributes.
Biometric devices that measure fingerprints (e.g., U.S. Pat. No. 6,125,192), voice (e.g., U.S. Pat. No. 5,913,196), irises (e.g., U.S. Pat. No. 6,554,705), and facial images (e.g., U.S. Pat. No. 6,554,705) are available. All biometric devices require initial registration of the user's attribute that are measured by the sensors of the biometric device. Upon initial use to authenticate the identity of the user, current biometric devices extract a feature set from sensors which are correlated to an existing user database acquired during user registration. These devices require training, are time consuming, can be difficult to use, can require extra equipment, can be expensive and are so inconvenient that user identity authentication is done only upon initial use.
Handheld writing devices that use pressure as a biometric is possible (e.g., U.S. Pat. Nos. 5,774,571, 6,539,101), but they are not commonly used as input devices to a computer and is not commonly available. Also, these devices are primarily for one time identification applications.
There are some devices designed to authenticate a computer user that are built into a computer mouse to identify the computer user such as by using a thumb or index fingerprint (e.g., U.S. Pat. Nos. 5,991,431 & D440,568). These devices reduce the cumbersome nature of a separate piece of equipment for identification, but these devices are designed primarily to provide authentication upon initial use and require training on the placement of the finger. Another problem with many of the previously described biometric devices is that they rely primarily on the signal from a single sensor. A sensor flaw or signal distortion from that sensor would reduce the reliability of the user identity authentication system.
There are devices similar to the invention with different stipulated uses for the signals from sensor on a computer mouse. Both U.S. Pat. No. 6,190,314 (i.e., A “Computer Input Device with Biosensors for Sensing User Emotions”) and a paper by Qi and Picard (Qi, Y. and Picard, R. W., “Context-sensitive Bayesian Classifiers and Application to Mouse Pressure Pattern Classification”, Proceedings of the International Conference on Pattern Recognition, August 2002, Quéébec City, Canada) stipulate the use of sensors on a computer mouse to detect emotions. Neither stipulate the use of the sensor signals for identification or continuous authentication of the user.
Continuous authentication of the identity of a computer user is one of the best ways to use biometrics to prevent unauthorized use of a computer system. An example of continuous authentication is a guard constantly watching who is using a computer, using facial features as the unique biometric identifying attribute. Continuous authentication can prevent an unauthorized person from slipping in and using the computer system after the initial authentication of the identity of the authorized user.
The invention senses the pressures a user applies to the computer mouse during routine use. The sensors for the invention are incorporated into the structure of a computer mouse. After the initial registration of the user, there is no training and no special finger placement required, the user simply uses the computer mouse. Authentication of the user can occur within a few clicks and can be continuous as long as the user provides input to the computer with the mouse. Multiple sensors within the mouse provide a unique multidimensional measure of the user's attributes. The invention resolves the shortcomings of previous inventions by: not requiring training, having a brief period for initial registration of the user's identity, being easy to use, not requiring extra equipment, using multiple pressure sensors located at critical stress points and providing continuous authentication of the user's identity.